Cisco ASA 5505 with NPS

  • Question

  • I'm trying to set up our new Cisco ASA VPN device with NPS authentication. Is there a guide on how to do this? I can't seem to get it set up. We do have 2003 set up this way already, but it was done by a previous network admin. Any help would be appreciated.
    Friday, September 18, 2009 1:29 PM

Answers

  • Hi Chad,

    If you join the NPS to the domain, NPS by default authenticates against the AD. There is no additional configuration needed.

    If you didn't join NPS to any domain, then it authenticates against the local SAM.

    Thanks,
    Srinivasulu.
    Tuesday, September 22, 2009 5:38 PM

All replies

  • Are you looking for help with the ASA code or the NPS side?  Or both?
    Friday, September 18, 2009 2:17 PM
  • Hi,

    I don't have much knowledge of Cisco ASA setup. But on the NPS side:

    You can use the Configure NAP wizard (http://technet.microsoft.com/en-us/library/dd314165(WS.10).aspx) to set up the NPS policies. You can also use the step-by-step guide http://www.microsoft.com/downloads/details.aspx?FamilyID=729bba00-55ad-4199-b441-378cc3d900a7&displaylang=en. But the step-by-step guide provides details for health enforcement too; you would need to ignore them since you are using NPS just for authentication.

    Thanks,
    Srinivasulu.

    Friday, September 18, 2009 6:24 PM
  • Well, all I need really is authentication set up, but authorization would be really nice to have also.
    Monday, September 21, 2009 6:54 PM
  • I need both sides. I think I got it somewhat set up on the Cisco 5505. I added it to AAA groups, then changed port numbers to 1812 and 1813 respectively. I'd like to use domain accounts instead of the SAM (local accounts) for authentication. Any ideas on how to do that?
    Monday, September 21, 2009 6:55 PM
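
The ASA side of the setup described in the post above (a RADIUS AAA server group pointed at NPS on ports 1812 and 1813), as an added example that is not part of any post in this thread. The group name NPS-RADIUS, the interface name inside, the address 192.0.2.10, the tunnel-group name VPN-USERS and the shared-secret placeholder are assumptions.

```cisco
! Added example: every name, address and secret below is a placeholder.
!
! RADIUS server group that will hold the NPS host.
aaa-server NPS-RADIUS protocol radius
!
! NPS server, reached through the interface named "inside" (assumed).
! The key must match the shared secret configured on NPS for the
! RADIUS client entry that represents this ASA.
! The ASA defaults to ports 1645/1646, so 1812/1813 are set explicitly.
aaa-server NPS-RADIUS (inside) host 192.0.2.10
 key <shared-secret>
 authentication-port 1812
 accounting-port 1813
!
! Send remote-access VPN logins for this tunnel group to NPS.
tunnel-group VPN-USERS general-attributes
 authentication-server-group NPS-RADIUS
 accounting-server-group NPS-RADIUS
```

On the NPS side the ASA has to exist as a RADIUS client with the same shared secret, otherwise NPS silently drops its requests. The ASA command `test aaa-server authentication NPS-RADIUS host 192.0.2.10` prompts for a username and password and reports whether NPS accepted them.
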
  • Tuesday, September 22, 2009 1:10 PM
  • Hi all,

      I'm also looking for a guide on two-factor authentication with ASA and NPS.

      How do I set up certificates and issue them to client laptops?

    As

     

    Wednesday, August 27, 2014 10:31 PM
  • Do you want to use user or machine certificates? I assume if you say "two-factor" you want to use certificates on smart cards? With machines you could use a TPM chip for additional security (think "smart card owned by a machine").

    In both cases certificates could be issued to users or machines via autoenrollment (based on an autoenrollment GPO and certificate templates with the Read, Enroll and Autoenroll permissions set).

    The Cisco VPN client can be configured to use either machine or user certificates.

    The Cisco ASA requires an IPsec certificate, to be issued manually.

    Elke



    • Edited by Elke Stangl Thursday, September 11, 2014 12:08 PM
    Tuesday, September 2, 2014 4:57 PM